Configuring remote access address restrictions
The configuration on the H3C switch is as follows:
acl number 2000
rule 5 per so 172.24.23.210 0.0.0.0
rule 10 per so 172.24.23.160 0.0.0.0
rule 15 per so 172.24.23.161 0.0.0.0
rule 20 per so 172.21.5.13 0.0.0.0
rule 25 per so 172.30.10.200 0.0.0.0
rule 30 deny so any
exit
ssh server acl 2000
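Translated into a Juniper configuration, would it look like the following? Does anything need to be changed? How should it be changed?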
edit
set groups address-set my-address-set
set address member 172.24.23.210/32
set address member 172.24.23.160/32
set address member 172.24.23.161/32
set address member 172.21.5.13/32
set address member 172.30.10.200/32
exit
commit
edit ssh
set remote-address-list my-address-set
exit
commit
Best answer
set firewall family inet filter ACL-2000 term 5 from source-address 172.24.23.210/32
set firewall family inet filter ACL-2000 term 5 then accept
set firewall family inet filter ACL-2000 term 10 from source-address 172.24.23.160/32
set firewall family inet filter ACL-2000 term 10 then accept
set firewall family inet filter ACL-2000 term 15 from source-address 172.24.23.161/32
set firewall family inet filter ACL-2000 term 15 then accept
set firewall family inet filter ACL-2000 term 20 from source-address 172.21.5.13/32
set firewall family inet filter ACL-2000 term 20 then accept
set firewall family inet filter ACL-2000 term 25 from source-address 172.30.10.200/32
set firewall family inet filter ACL-2000 term 25 then accept
set firewall family inet filter ACL-2000 term 30 then discard
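
On the H3C side, `ssh server acl 2000` limits only SSH logins, whereas a Junos firewall filter does nothing until it is applied to an interface, and a final term with no `from` condition discards every packet it sees there. The following is an added example, not part of the original thread: a Python converter that turns the H3C ACL from the question into Junos `set` commands scoped to SSH. It assumes the filter is applied as an input filter on lo0, and the closing term name `OTHER` is hypothetical.

```python
import ipaddress

# Constructed input: the H3C ACL from the question, keyword abbreviations included.
H3C_ACL = """acl number 2000
rule 5 per so 172.24.23.210 0.0.0.0
rule 10 per so 172.24.23.160 0.0.0.0
rule 15 per so 172.24.23.161 0.0.0.0
rule 20 per so 172.21.5.13 0.0.0.0
rule 25 per so 172.30.10.200 0.0.0.0
rule 30 deny so any
"""

def wildcard_to_prefix(addr, wildcard):
    """Turn an H3C address + wildcard mask into CIDR notation."""
    wc = int(ipaddress.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard))
    if wc & (wc + 1):  # set bits must be one contiguous run at the low end
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    # strict parsing also rejects an address with host bits set
    return str(ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}"))

def h3c_to_junos(acl_text, filter_name):
    """Emit Junos set commands for a basic H3C ACL, matching SSH traffic only."""
    base = f"set firewall family inet filter {filter_name} term"
    out = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "rule":
            continue  # skip 'acl number ...' and anything that is not a rule
        term, action, match, addr = tok[1:5]
        if not "source".startswith(match):
            raise ValueError(f"unsupported match keyword: {line}")
        if "permit".startswith(action):
            verdict = "accept"
        elif "deny".startswith(action):
            verdict = "discard"
        else:
            raise ValueError(f"unknown action: {line}")
        if addr != "any":
            wildcard = tok[5] if len(tok) > 5 else "0"
            out.append(f"{base} {term} from source-address {wildcard_to_prefix(addr, wildcard)}")
        out += [f"{base} {term} from protocol tcp",
                f"{base} {term} from destination-port ssh",
                f"{base} {term} then {verdict}"]
    # Assumption: the filter goes on lo0, so a last term (hypothetical name OTHER)
    # accepts all non-SSH traffic to the routing engine.
    out.append(f"{base} OTHER then accept")
    out.append(f"set interfaces lo0 unit 0 family inet filter input {filter_name}")
    return out

if __name__ == "__main__":
    print("\n".join(h3c_to_junos(H3C_ACL, "ACL-2000")))
```

Load the generated commands with `commit confirmed` from a session whose source address is in the permit list, so that a mistake in the filter rolls back instead of locking out management access.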